Boot.Tidserv


  • This topic is locked
34 replies to this topic

#1 squatch

  • Members
  • 28 posts
Posted 17 August 2011 - 09:47 PM

I had a post regarding this problem in the "Am I infected? What do I do?" After some back and forth, I was told to post on this forum.

Here is a link to the other thread:

http://www.bleepingcomputer.com/forums/topic414291.html/page__st__15

Rather than reposting all of the history again, please refer to the other thread which has all of the steps I did and the output.

Where do I go from here?

If this virus is in the MBR, can't I just rewrite the MBR using Windows 7 Repair Services Bootrec.exe (http://support.microsoft.com/kb/927392)? Just a thought I'll throw out there...

Your help is greatly appreciated! Thanks!


#2 squatch

  • Topic Starter
  • Members
  • 28 posts

Posted 17 August 2011 - 10:56 PM

Oops - my bad. Here you go:

.
DDS (Ver_2011-06-23.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Lindsey at 23:43:34 on 2011-08-17
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.6005.3201 [GMT -4:00]
.
AV: Norton Security Suite *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Security Suite *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\ccSvcHst.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskhost.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10s_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://www.dell.com
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\IPS\IPSBHO.DLL
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\coIEPlg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [<NO NAME>]
mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
TCP: DhcpNameServer = 208.67.222.222 208.67.220.220
TCP: Interfaces\{8CAD42CD-FF89-4ADC-A8FD-8EA70CD49780} : DhcpNameServer = 208.67.222.222 208.67.220.220
TCP: Interfaces\{8CAD42CD-FF89-4ADC-A8FD-8EA70CD49780}\C43514942505F42545 : DhcpNameServer = 172.16.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\coIEPlg.dll
BHO-X64: Symantec NCO BHO - No File
BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\IPS\IPSBHO.DLL
BHO-X64: Symantec Intrusion Prevention - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\coIEPlg.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [(Default)]
mRun-x64: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun-x64: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R0 stdflt;Disk Filter Driver for Accelerometer;C:\Windows\system32\DRIVERS\stdflt.sys --> C:\Windows\system32\DRIVERS\stdflt.sys [?]
R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\N360x64\0501000.01D\SYMDS64.SYS --> C:\Windows\system32\drivers\N360x64\0501000.01D\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\N360x64\0501000.01D\SYMEFA64.SYS --> C:\Windows\system32\drivers\N360x64\0501000.01D\SYMEFA64.SYS [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20110812.001\BHDrvx64.sys [2011-8-15 1151096]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20110817.030\IDSviA64.sys [2011-8-17 488056]
R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\N360x64\0501000.01D\Ironx64.SYS --> C:\Windows\system32\drivers\N360x64\0501000.01D\Ironx64.SYS [?]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\N360x64\0501000.01D\SYMNETS.SYS --> C:\Windows\system32\Drivers\N360x64\0501000.01D\SYMNETS.SYS [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-8-12 13336]
R2 InstallFilterService;FF Install Filter Service;C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe [2011-8-12 60928]
R2 N360;Norton Security Suite;C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\ccsvchst.exe [2011-8-13 130008]
R2 rimspci;rimspci;C:\Windows\system32\DRIVERS\rimspe64.sys --> C:\Windows\system32\DRIVERS\rimspe64.sys [?]
R2 risdpcie;risdpcie;C:\Windows\system32\DRIVERS\risdpe64.sys --> C:\Windows\system32\DRIVERS\risdpe64.sys [?]
R2 rixdpcie;rixdpcie;C:\Windows\system32\DRIVERS\rixdpe64.sys --> C:\Windows\system32\DRIVERS\rixdpe64.sys [?]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-8-12 2320920]
R3 Acceler;Accelerometer Service;C:\Windows\system32\DRIVERS\Acceler.sys --> C:\Windows\system32\DRIVERS\Acceler.sys [?]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-8-13 136824]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys --> C:\Windows\system32\DRIVERS\NETw5s64.sys [?]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-8-12 136176]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-8-12 136176]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-3-25 30969208]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2009-9-21 315664]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
S3 TurboBoost;TurboBoost;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2009-11-2 126352]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2011-08-15 07:00:25 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
2011-08-15 01:07:36 -------- d-----w- C:\Old C Drive
2011-08-14 13:35:22 -------- d-----w- C:\Users\Lindsey\AppData\Roaming\Malwarebytes
2011-08-14 13:34:50 41272 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-08-14 13:34:50 -------- d-----w- C:\ProgramData\Malwarebytes
2011-08-14 13:34:46 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-08-14 13:34:46 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-08-14 13:17:20 5474688 ----a-w- C:\Windows\System32\ntoskrnl.exe
2011-08-14 13:17:19 3967872 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2011-08-14 13:17:19 3911552 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2011-08-14 07:23:14 -------- d-----w- C:\Windows\SysWow64\Wat
2011-08-14 07:23:14 -------- d-----w- C:\Windows\System32\Wat
2011-08-14 07:05:14 99176 ----a-w- C:\Windows\SysWow64\PresentationHostProxy.dll
2011-08-14 07:05:14 49472 ----a-w- C:\Windows\SysWow64\netfxperf.dll
2011-08-14 07:05:14 297808 ----a-w- C:\Windows\SysWow64\mscoree.dll
2011-08-14 07:05:14 295264 ----a-w- C:\Windows\SysWow64\PresentationHost.exe
2011-08-14 07:05:13 48960 ----a-w- C:\Windows\System32\netfxperf.dll
2011-08-14 07:05:13 444752 ----a-w- C:\Windows\System32\mscoree.dll
2011-08-14 07:05:13 320352 ----a-w- C:\Windows\System32\PresentationHost.exe
2011-08-14 07:05:13 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll
2011-08-14 07:05:13 109912 ----a-w- C:\Windows\System32\PresentationHostProxy.dll
2011-08-14 07:05:12 1942856 ----a-w- C:\Windows\System32\dfshim.dll
2011-08-13 14:39:13 912504 ----a-w- C:\Windows\System32\drivers\N360x64\0501000.01D\symefa64.sys
2011-08-13 14:39:13 744568 ----a-w- C:\Windows\System32\drivers\N360x64\0501000.01D\srtsp64.sys
2011-08-13 14:39:13 450680 ----a-w- C:\Windows\System32\drivers\N360x64\0501000.01D\symds64.sys
2011-08-13 14:39:13 40568 ----a-w- C:\Windows\System32\drivers\N360x64\0501000.01D\srtspx64.sys
2011-08-13 14:39:13 386168 ----a-w- C:\Windows\System32\drivers\N360x64\0501000.01D\symnets.sys
2011-08-13 14:39:13 171128 ----a-r- C:\Windows\System32\drivers\N360x64\0501000.01D\ironx64.sys
2011-08-13 14:39:04 -------- d-----w- C:\Windows\System32\drivers\N360x64\0501000.01D
2011-08-13 13:58:15 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared
2011-08-13 13:51:52 64512 ----a-w- C:\Windows\SysWow64\devobj.dll
2011-08-13 13:51:52 44544 ----a-w- C:\Windows\SysWow64\devrtl.dll
2011-08-13 13:51:52 404992 ----a-w- C:\Windows\System32\umpnpmgr.dll
2011-08-13 13:51:52 252928 ----a-w- C:\Windows\SysWow64\drvinst.exe
2011-08-13 13:51:52 145920 ----a-w- C:\Windows\SysWow64\cfgmgr32.dll
2011-08-13 13:51:50 3134464 ----a-w- C:\Windows\System32\win32k.sys
2011-08-13 13:51:49 976896 ----a-w- C:\Windows\System32\inetcomm.dll
2011-08-13 13:51:49 740864 ----a-w- C:\Windows\SysWow64\inetcomm.dll
2011-08-13 13:51:49 1896832 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-08-13 13:38:07 34152 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2011-08-13 13:38:06 174200 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2011-08-13 13:38:06 -------- d-----w- C:\Program Files\Symantec
2011-08-13 13:38:06 -------- d-----w- C:\Program Files\Common Files\Symantec Shared
2011-08-13 13:37:57 125872 ----a-w- C:\Windows\System32\GEARAspi64.dll
2011-08-13 13:37:57 106928 ----a-w- C:\Windows\SysWow64\GEARAspi.dll
2011-08-13 13:37:52 -------- d-----w- C:\Windows\System32\drivers\N360x64
2011-08-13 13:37:51 -------- d-----w- C:\Program Files (x86)\Norton Security Suite
2011-08-13 13:37:31 -------- d-----w- C:\ProgramData\NortonInstaller
2011-08-13 13:37:31 -------- d-----w- C:\Program Files (x86)\NortonInstaller
2011-08-13 12:56:47 -------- d-----w- C:\ProgramData\Norton
2011-08-13 12:54:14 -------- d-----w- C:\Program Files (x86)\Microsoft Synchronization Services
2011-08-13 12:54:01 -------- d-----w- C:\Windows\PCHEALTH
2011-08-13 12:54:01 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2011-08-13 12:51:26 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 8
2011-08-13 12:51:04 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services
2011-08-13 12:50:51 -------- d-----w- C:\Users\Lindsey\AppData\Local\Microsoft Help
2011-08-13 01:04:53 -------- d-----w- C:\Users\Lindsey\AppData\Local\Adobe
2011-08-13 01:04:39 -------- d-----w- C:\Users\Lindsey\AppData\Local\Google
2011-08-12 20:29:35 -------- d-----w- C:\Users\Lindsey\AppData\Local\PowerDVD DX
2011-08-12 20:28:35 69714 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ctor.dll
2011-08-12 20:28:35 63488 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ISBEW64.exe
2011-08-12 20:28:35 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\DotNetInstaller.exe
2011-08-12 20:28:35 274432 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iscript.dll
2011-08-12 20:28:35 184320 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iuser.dll
2011-08-12 20:28:32 753664 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iKernel.dll
2011-08-12 20:28:05 331908 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\setup.dll
2011-08-12 20:28:05 200836 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iGdi.dll
2011-08-12 20:23:46 -------- d-----w- C:\Program Files (x86)\Creative
2011-08-12 20:22:48 -------- d-----w- C:\Program Files (x86)\Dell Webcam
2011-08-12 20:22:46 224768 ----a-w- C:\Windows\System32\drivers\CtAudDrv.sys
2011-08-12 20:22:46 174848 ----a-w- C:\Windows\System32\drivers\CtClsFlt.sys
2011-08-12 20:22:43 -------- d-----w- C:\Program Files (x86)\Creative Live! Cam
2011-08-12 20:22:06 -------- d-----w- C:\Users\Lindsey\AppData\Roaming\Macrovision
2011-08-12 20:20:56 -------- d-----w- C:\Users\Lindsey\AppData\Roaming\Roxio Burn
2011-08-12 20:17:49 -------- d-----w- C:\ProgramData\Uninstall
2011-08-12 20:16:05 -------- d-----w- C:\Program Files (x86)\Common Files\SureThing Shared
2011-08-12 20:15:30 -------- d-----w- C:\ProgramData\PhotoShow Shared Assets
2011-08-12 20:15:24 -------- d-----w- C:\Program Files\Roxio
2011-08-12 20:13:49 55856 ------w- C:\Windows\System32\drivers\PxHlpa64.sys
2011-08-12 20:13:49 10224 ------w- C:\Windows\System32\drivers\cdralw2k.sys
2011-08-12 20:13:49 10224 ------w- C:\Windows\System32\drivers\cdr4_xp.sys
2011-08-12 20:12:49 -------- d-----w- C:\Program Files (x86)\Common Files\PX Storage Engine
2011-08-12 20:12:25 -------- d-----w- C:\Program Files (x86)\Common Files\Sonic Shared
2011-08-12 20:11:48 -------- d-----w- C:\Program Files (x86)\Roxio
2011-08-12 20:06:43 -------- d-----w- C:\Users\Lindsey\AppData\Roaming\Roxio Log Files
2011-08-12 19:16:36 0 ----a-w- C:\Windows\ativpsrm.bin
2011-08-12 19:15:51 -------- d-----w- C:\Program Files\IDT
2011-08-12 19:15:50 90624 ----a-w- C:\Windows\System32\AESTCo64.dll
2011-08-12 19:15:50 68608 ----a-w- C:\Windows\System32\AESTAR64.dll
2011-08-12 19:15:50 652288 ----a-w- C:\Windows\System32\ctapo64.dll
2011-08-12 19:15:50 57856 ----a-w- C:\Windows\System32\ctppld64.dll
2011-08-12 19:15:50 564224 ----a-w- C:\Windows\System32\idt64mp1.exe
2011-08-12 19:15:50 511488 ----a-w- C:\Windows\System32\ctapo32.dll
2011-08-12 19:15:50 431104 ----a-w- C:\Windows\System32\AESTEC64.dll
2011-08-12 19:15:50 3593216 ----a-w- C:\Windows\System32\stlang64.dll
2011-08-12 19:15:50 165888 ----a-w- C:\Windows\System32\AESTAC64.dll
2011-08-12 19:15:49 12151808 ----a-w- C:\Windows\System32\idtcpl64.cpl
2011-08-12 19:15:49 -------- d-----w- C:\Windows\System32\SRSLabs
2011-08-12 17:43:58 -------- d-----w- C:\Program Files (x86)\ATI Technologies
2011-08-12 17:43:56 729088 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iKernel.dll
2011-08-12 17:43:56 69715 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\ctor.dll
2011-08-12 17:43:56 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\DotNetInstaller.exe
2011-08-12 17:43:56 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\Objectps.dll
2011-08-12 17:43:56 311428 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\setup.dll
2011-08-12 17:43:56 266240 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iscript.dll
2011-08-12 17:43:56 192512 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iuser.dll
2011-08-12 17:43:56 188548 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iGdi.dll
2011-08-12 17:42:41 -------- d-----w- C:\Program Files\Common Files\Intel
2011-08-12 17:42:41 -------- d-----w- C:\Program Files (x86)\Cisco
2011-08-12 17:41:23 18792 ----a-w- C:\Windows\System32\drivers\stdflt.sys
2011-08-12 17:41:23 -------- d-----w- C:\Program Files (x86)\STMicroelectronics
2011-08-12 17:41:08 -------- d-----w- C:\Program Files\Dell
2011-08-12 17:40:17 -------- d-----w- C:\Program Files (x86)\Common Files\postureAgent
2011-08-12 17:40:15 -------- d-----w- C:\Intel
2011-08-12 17:37:11 142336 ----a-w- C:\Windows\System32\poqexec.exe
2011-08-12 17:37:11 123904 ----a-w- C:\Windows\SysWow64\poqexec.exe
2011-08-12 17:19:59 8578896 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F4D7BFCD-41B6-4A2C-9CD3-7ACCC7EAF6FA}\mpengine.dll
2011-08-12 17:19:58 270720 ------w- C:\Windows\System32\MpSigStub.exe
2011-08-12 17:06:46 -------- d-----w- C:\Users\Lindsey\AppData\Local\Diagnostics
2011-08-12 00:01:20 -------- d-----w- C:\backup
2011-08-11 23:59:02 -------- d-----w- C:\Program Files\Synaptics
2011-08-11 23:55:57 9728 ----a-w- C:\Windows\SysWow64\sscore.dll
2011-08-11 23:49:34 59392 ----a-w- C:\Windows\System32\atiedu64.dll
2011-08-11 23:48:50 540696 ----a-w- C:\Windows\System32\drivers\iaStor.sys
2011-08-11 23:47:37 995328 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll
2011-08-11 23:45:53 -------- d-----w- C:\hotfix
2011-08-11 23:45:23 -------- d-----w- C:\Windows\System32\oem
2011-08-11 23:45:22 -------- d-----w- C:\Windows\Panther
2011-08-11 23:45:22 -------- d-----w- C:\Drivers
2011-08-11 23:39:45 -------- d-----w- C:\dell
.
==================== Find3M ====================
.
2011-08-12 17:38:32 521448 ----a-w- C:\Windows\System32\deployJava1.dll
2011-08-12 17:38:22 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-08-12 17:38:17 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-08-11 23:55:57 236032 ----a-w- C:\Windows\System32\srvsvc.dll
2011-08-11 23:47:37 91648 ----a-w- C:\Windows\System32\SetIEInstalledDate.exe
2011-07-22 05:42:23 2303488 ----a-w- C:\Windows\System32\jscript9.dll
2011-07-22 05:36:16 1389056 ----a-w- C:\Windows\System32\wininet.dll
2011-07-22 05:32:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-07-22 02:54:43 1797632 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-07-22 02:48:26 1126912 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-07-22 02:44:36 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-07-16 05:26:54 362496 ----a-w- C:\Windows\System32\wow64win.dll
2011-07-16 05:26:53 243200 ----a-w- C:\Windows\System32\wow64.dll
2011-07-16 05:26:53 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2011-07-16 05:26:18 214528 ----a-w- C:\Windows\System32\winsrv.dll
2011-07-16 05:24:09 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2011-07-16 05:21:32 422400 ----a-w- C:\Windows\System32\KernelBase.dll
2011-07-16 05:17:46 338432 ----a-w- C:\Windows\System32\conhost.exe
2011-07-16 04:36:09 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2011-07-16 04:32:14 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2011-07-16 04:31:50 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2011-07-16 04:30:29 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2011-07-16 04:30:27 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2011-07-16 02:26:12 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2011-07-16 02:26:11 2048 ----a-w- C:\Windows\SysWow64\user.exe
2011-07-16 02:21:47 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2011-07-16 02:21:47 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 02:21:47 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 02:21:47 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2011-07-09 02:44:55 287744 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2011-06-15 09:58:31 212992 ----a-w- C:\Windows\System32\odbctrac.dll
2011-06-15 09:58:31 163840 ----a-w- C:\Windows\System32\odbccp32.dll
2011-06-15 09:58:31 106496 ----a-w- C:\Windows\System32\odbccu32.dll
2011-06-15 09:58:31 106496 ----a-w- C:\Windows\System32\odbccr32.dll
2011-06-15 09:04:46 86016 ----a-w- C:\Windows\SysWow64\odbccu32.dll
2011-06-15 09:04:46 81920 ----a-w- C:\Windows\SysWow64\odbccr32.dll
2011-06-15 09:04:46 319488 ----a-w- C:\Windows\SysWow64\odbcjt32.dll
2011-06-15 09:04:46 163840 ----a-w- C:\Windows\SysWow64\odbctrac.dll
2011-06-15 09:04:46 122880 ----a-w- C:\Windows\SysWow64\odbccp32.dll
.
============= FINISH: 23:44:13.03 ===============

I am running Windows 7, so I did not create a GMER log.

I do not see an ATTACH FILE option, so I am posting the contents of the ATTACH.txt file:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-23.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 8/12/2011 1:03:01 PM
System Uptime: 8/16/2011 7:48:15 AM (40 hours ago)
.
Motherboard: Dell Inc. | | 0874P6
Processor: Intel® Core™ i5 CPU M 520 @ 2.40GHz | U2E1 | 1176/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 452 GiB total, 34.938 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP6: 8/12/2011 1:19:48 PM - Windows Update
RP7: 8/12/2011 4:07:31 PM - Installed DirectX
RP8: 8/12/2011 4:22:27 PM - Installed Integrated Webcam
RP9: 8/12/2011 9:13:36 PM - Installed Adobe Reader X (10.1.0).
RP10: 8/13/2011 8:50:36 AM - Installed Microsoft Office Professional Plus 2010
RP11: 8/14/2011 3:00:33 AM - Windows Update
RP12: 8/14/2011 8:35:18 PM - Windows Update
RP13: 8/15/2011 3:00:11 AM - Windows Update
.
==== Installed Programs ======================
.
Accelerometer
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader X (10.1.0)
Advanced Audio FX Engine
ATI Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
Definition update for Microsoft Office 2010 (KB982726)
Dell Webcam Central
DirectX 9 Runtime
Google Toolbar for Internet Explorer
Google Update Helper
Intel® Control Center
Intel® Management Engine Components
Intel® Rapid Storage Technology
Java Auto Updater
Java™ 6 Update 24
Malwarebytes' Anti-Malware version 1.51.1.1800
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Norton Security Suite
PhotoShowExpress
PowerDVD
Roxio Activation Module
Roxio BackOnTrack
Roxio Burn
Roxio Creator Starter
Roxio Express Labeler 3
Security Update for Microsoft Excel 2010 (KB2523021)
Security Update for Microsoft InfoPath 2010 (KB2510065)
Security Update for Microsoft Office 2010 (KB2289078)
Security Update for Microsoft Office 2010 (KB2289161)
Security Update for Microsoft PowerPoint 2010 (KB2519975)
Security Update for Microsoft Publisher 2010 (KB2409055)
Security Update for Microsoft Word 2010 (KB2345000)
Skins
Sonic CinePlayer Decoder Pack
Update for Microsoft Office 2010 (KB2202188)
Update for Microsoft Office 2010 (KB2413186)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2523113)
Update for Microsoft OneNote 2010 (KB2493983)
Update for Microsoft Outlook Social Connector (KB2441641)
.
==== Event Viewer Messages From Past Week ========
.
8/17/2011 10:49:36 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the N360 service.
8/14/2011 8:37:39 PM, Error: Service Control Manager [7023] - The IPsec Policy Agent service terminated with the following error: The authentication service is unknown.
8/14/2011 8:35:58 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft XML Core Services 4.0 Service Pack 2 for x64-based Systems (KB973688).
8/14/2011 8:35:52 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft XML Core Services 4.0 Service Pack 2 for x64-based Systems (KB954430).
8/14/2011 2:58:30 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the DHCP Client service, but this action failed with the following error: An instance of the service is already running.
8/14/2011 2:56:30 PM, Error: Service Control Manager [7031] - The Windows Event Log service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/14/2011 2:56:30 PM, Error: Service Control Manager [7031] - The Windows Audio service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/14/2011 2:56:30 PM, Error: Service Control Manager [7031] - The Security Center service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
8/14/2011 2:56:30 PM, Error: Service Control Manager [7031] - The HomeGroup Provider service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/14/2011 2:56:30 PM, Error: Service Control Manager [7031] - The DHCP Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
8/12/2011 4:14:21 PM, Error: Service Control Manager [7030] - The Roxio Hard Drive Watcher 12 service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
8/12/2011 4:14:20 PM, Error: Service Control Manager [7030] - The RoxMediaDB12OEM service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
.
==== End Of File ===========================

#3 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,730 posts
  • OFFLINE
  • Gender:Male
  • Local time:05:02 AM

Posted 22 August 2011 - 09:50 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/414921 <<< CLICK THIS LINK

If you no longer need help, then all you need to do is follow the previous instructions and tell me so. You can skip the rest of this post. If you do need help, please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right-hand corner of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#4 squatch

squatch
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  • Local time:05:02 AM

Posted 22 August 2011 - 10:26 PM

I am running Windows 7 Home Premium.
Norton Security Suite Version 5.1.0.29.
Norton reports "Boot.Tidserv Remove Failed".

A complete history of what I have done so far can be found at:
http://www.bleepingcomputer.com/forums/topic414291.html


I have the original install disks.
I did not do a GMER log, as I have 64-bit Windows.

DDS .txt file:

.
DDS (Ver_2011-06-23.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Lindsey at 23:12:46 on 2011-08-22
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.6005.4249 [GMT -4:00]
.
AV: Norton Security Suite *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Security Suite *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\ccSvcHst.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\rundll32.exe
C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10s_ActiveX.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://www.dell.com
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\IPS\IPSBHO.DLL
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\coIEPlg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [<NO NAME>]
mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
TCP: DhcpNameServer = 208.67.222.222 208.67.220.220
TCP: Interfaces\{8CAD42CD-FF89-4ADC-A8FD-8EA70CD49780} : DhcpNameServer = 208.67.222.222 208.67.220.220
TCP: Interfaces\{8CAD42CD-FF89-4ADC-A8FD-8EA70CD49780}\C43514942505F42545 : DhcpNameServer = 172.16.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\coIEPlg.dll
BHO-X64: Symantec NCO BHO - No File
BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\IPS\IPSBHO.DLL
BHO-X64: Symantec Intrusion Prevention - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\coIEPlg.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [(Default)]
mRun-x64: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun-x64: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R0 stdflt;Disk Filter Driver for Accelerometer;C:\Windows\system32\DRIVERS\stdflt.sys --> C:\Windows\system32\DRIVERS\stdflt.sys [?]
R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\N360x64\0501000.01D\SYMDS64.SYS --> C:\Windows\system32\drivers\N360x64\0501000.01D\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\N360x64\0501000.01D\SYMEFA64.SYS --> C:\Windows\system32\drivers\N360x64\0501000.01D\SYMEFA64.SYS [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20110812.001\BHDrvx64.sys [2011-8-15 1151096]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20110819.030\IDSviA64.sys [2011-8-22 488056]
R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\N360x64\0501000.01D\Ironx64.SYS --> C:\Windows\system32\drivers\N360x64\0501000.01D\Ironx64.SYS [?]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\N360x64\0501000.01D\SYMNETS.SYS --> C:\Windows\system32\Drivers\N360x64\0501000.01D\SYMNETS.SYS [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-8-12 13336]
R2 InstallFilterService;FF Install Filter Service;C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe [2011-8-12 60928]
R2 N360;Norton Security Suite;C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\ccsvchst.exe [2011-8-13 130008]
R2 rimspci;rimspci;C:\Windows\system32\DRIVERS\rimspe64.sys --> C:\Windows\system32\DRIVERS\rimspe64.sys [?]
R2 risdpcie;risdpcie;C:\Windows\system32\DRIVERS\risdpe64.sys --> C:\Windows\system32\DRIVERS\risdpe64.sys [?]
R2 rixdpcie;rixdpcie;C:\Windows\system32\DRIVERS\rixdpe64.sys --> C:\Windows\system32\DRIVERS\rixdpe64.sys [?]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-8-12 2320920]
R3 Acceler;Accelerometer Service;C:\Windows\system32\DRIVERS\Acceler.sys --> C:\Windows\system32\DRIVERS\Acceler.sys [?]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-8-13 136824]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys --> C:\Windows\system32\DRIVERS\NETw5s64.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-8-12 136176]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-8-12 136176]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-3-25 30969208]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2009-9-21 315664]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
S3 TurboBoost;TurboBoost;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2009-11-2 126352]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2011-08-15 07:00:25 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
2011-08-15 01:07:36 -------- d-----w- C:\Old C Drive
2011-08-14 13:35:22 -------- d-----w- C:\Users\Lindsey\AppData\Roaming\Malwarebytes
2011-08-14 13:34:50 41272 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-08-14 13:34:50 -------- d-----w- C:\ProgramData\Malwarebytes
2011-08-14 13:34:46 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-08-14 13:34:46 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-08-14 13:17:20 5474688 ----a-w- C:\Windows\System32\ntoskrnl.exe
2011-08-14 13:17:19 3967872 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2011-08-14 13:17:19 3911552 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2011-08-14 07:23:14 -------- d-----w- C:\Windows\SysWow64\Wat
2011-08-14 07:23:14 -------- d-----w- C:\Windows\System32\Wat
2011-08-14 07:05:14 99176 ----a-w- C:\Windows\SysWow64\PresentationHostProxy.dll
2011-08-14 07:05:14 49472 ----a-w- C:\Windows\SysWow64\netfxperf.dll
2011-08-14 07:05:14 297808 ----a-w- C:\Windows\SysWow64\mscoree.dll
2011-08-14 07:05:14 295264 ----a-w- C:\Windows\SysWow64\PresentationHost.exe
2011-08-14 07:05:13 48960 ----a-w- C:\Windows\System32\netfxperf.dll
2011-08-14 07:05:13 444752 ----a-w- C:\Windows\System32\mscoree.dll
2011-08-14 07:05:13 320352 ----a-w- C:\Windows\System32\PresentationHost.exe
2011-08-14 07:05:13 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll
2011-08-14 07:05:13 109912 ----a-w- C:\Windows\System32\PresentationHostProxy.dll
2011-08-14 07:05:12 1942856 ----a-w- C:\Windows\System32\dfshim.dll
2011-08-13 14:39:13 912504 ----a-w- C:\Windows\System32\drivers\N360x64\0501000.01D\symefa64.sys
2011-08-13 14:39:13 744568 ----a-w- C:\Windows\System32\drivers\N360x64\0501000.01D\srtsp64.sys
2011-08-13 14:39:13 450680 ----a-w- C:\Windows\System32\drivers\N360x64\0501000.01D\symds64.sys
2011-08-13 14:39:13 40568 ----a-w- C:\Windows\System32\drivers\N360x64\0501000.01D\srtspx64.sys
2011-08-13 14:39:13 386168 ----a-w- C:\Windows\System32\drivers\N360x64\0501000.01D\symnets.sys
2011-08-13 14:39:13 171128 ----a-r- C:\Windows\System32\drivers\N360x64\0501000.01D\ironx64.sys
2011-08-13 14:39:04 -------- d-----w- C:\Windows\System32\drivers\N360x64\0501000.01D
2011-08-13 13:58:15 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared
2011-08-13 13:51:52 64512 ----a-w- C:\Windows\SysWow64\devobj.dll
2011-08-13 13:51:52 44544 ----a-w- C:\Windows\SysWow64\devrtl.dll
2011-08-13 13:51:52 404992 ----a-w- C:\Windows\System32\umpnpmgr.dll
2011-08-13 13:51:52 252928 ----a-w- C:\Windows\SysWow64\drvinst.exe
2011-08-13 13:51:52 145920 ----a-w- C:\Windows\SysWow64\cfgmgr32.dll
2011-08-13 13:51:50 3134464 ----a-w- C:\Windows\System32\win32k.sys
2011-08-13 13:51:49 976896 ----a-w- C:\Windows\System32\inetcomm.dll
2011-08-13 13:51:49 740864 ----a-w- C:\Windows\SysWow64\inetcomm.dll
2011-08-13 13:51:49 1896832 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-08-13 13:38:07 34152 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2011-08-13 13:38:06 174200 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2011-08-13 13:38:06 -------- d-----w- C:\Program Files\Symantec
2011-08-13 13:38:06 -------- d-----w- C:\Program Files\Common Files\Symantec Shared
2011-08-13 13:37:57 125872 ----a-w- C:\Windows\System32\GEARAspi64.dll
2011-08-13 13:37:57 106928 ----a-w- C:\Windows\SysWow64\GEARAspi.dll
2011-08-13 13:37:52 -------- d-----w- C:\Windows\System32\drivers\N360x64
2011-08-13 13:37:51 -------- d-----w- C:\Program Files (x86)\Norton Security Suite
2011-08-13 13:37:31 -------- d-----w- C:\ProgramData\NortonInstaller
2011-08-13 13:37:31 -------- d-----w- C:\Program Files (x86)\NortonInstaller
2011-08-13 12:56:47 -------- d-----w- C:\ProgramData\Norton
2011-08-13 12:54:14 -------- d-----w- C:\Program Files (x86)\Microsoft Synchronization Services
2011-08-13 12:54:01 -------- d-----w- C:\Windows\PCHEALTH
2011-08-13 12:54:01 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2011-08-13 12:51:26 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 8
2011-08-13 12:51:04 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services
2011-08-13 12:50:51 -------- d-----w- C:\Users\Lindsey\AppData\Local\Microsoft Help

Attached Files



#5 CatByte

    bleepin' tiger

  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 23 August 2011 - 08:11 PM

Hi,

Please do the following:

  • Please download aswMBR.exe and save it to your desktop.
  • Double click aswMBR.exe to start the tool. (Vista/Windows 7 users - right click to run as administrator)
  • Click Scan
  • Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
  • You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#6 squatch
  • Topic Starter
  • Members
  • 28 posts

Posted 24 August 2011 - 09:01 AM

aswMBR version 0.9.8.978 Copyright© 2011 AVAST Software
Run date: 2011-08-24 09:50:01
-----------------------------
09:50:01.425 OS Version: Windows x64 6.1.7600
09:50:01.425 Number of processors: 4 586 0x2502
09:50:01.425 ComputerName: LINDSEY-PC UserName: Lindsey
09:50:02.798 Initialize success
09:50:07.369 AVAST engine defs: 11082400
09:50:18.055 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
09:50:18.055 Disk 0 Vendor: TOSHIBA_ MF00 Size: 476940MB BusType: 3
09:50:18.071 Disk 0 MBR read successfully
09:50:18.086 Disk 0 MBR scan
09:50:18.086 Disk 0 Windows 7 default MBR code
09:50:18.086 Service scanning
09:50:19.303 Modules scanning
09:50:19.303 Disk 0 trace - called modules:
09:50:19.334 ntoskrnl.exe CLASSPNP.SYS disk.sys stdflt.sys iaStor.sys hal.dll
09:50:19.334 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006513790]
09:50:19.350 3 CLASSPNP.SYS[fffff8800140143f] -> nt!IofCallDriver -> [0xfffffa800637b930]
09:50:19.350 5 stdflt.sys[fffff880019dba4a] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8006219050]
09:50:20.613 AVAST engine scan C:\Windows
09:50:22.485 AVAST engine scan C:\Windows\system32
09:51:33.918 AVAST engine scan C:\Windows\system32\drivers
09:51:43.122 AVAST engine scan C:\Users\Lindsey
09:54:24.224 AVAST engine scan C:\ProgramData
09:54:55.767 Scan finished successfully
09:57:30.519 Disk 0 MBR has been saved successfully to "C:\Users\Lindsey\Desktop\MBR.dat"
09:57:30.535 The log file has been saved successfully to "C:\Users\Lindsey\Desktop\aswMBR.txt"
09:59:28.176 Disk 0 MBR has been saved successfully to "C:\Users\Lindsey\Desktop\MBR.dat"
09:59:28.176 The log file has been saved successfully to "C:\Users\Lindsey\Desktop\aswMBR.txt"
10:00:00.171 Disk 0 MBR has been saved successfully to "C:\Users\Lindsey\Desktop\MBR.dat"
10:00:00.171 The log file has been saved successfully to "C:\Users\Lindsey\Desktop\aswMBR.txt"

Attached Files

  • Attached File  MBR.zip   570bytes


#7 CatByte

    bleepin' tiger

  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 24 August 2011 - 09:33 AM

Hi

Please do the following:

Download Combofix from either of the links below, and save it to your desktop.
Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt for further review.



#8 squatch
  • Topic Starter
  • Members
  • 28 posts

Posted 24 August 2011 - 10:32 AM

Despite turning off every feature of Norton Security Suite I could find, the ComboFix program still complains about Norton still being active. Therefore, I aborted ComboFix (by closing the window) immediately after closing the 2nd screen in the attached picture.

ComboFix warns me that running with Norton active is at my own risk, but does not give me any method of exiting the program so that it does NOT run. The only choice I had was to close the subsequent window as soon as it opened.

Should I allow it to run even though it still complains about Norton? How do I fully disable Norton? I went to the link for instructions on how to disable Norton, and it refers to actions I had already taken.

What next?

Attached Files



#9 CatByte

    bleepin' tiger

  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 24 August 2011 - 04:30 PM

Hi

As long as you have followed the instructions to turn off Norton as you have, just OK through the complaints and run ComboFix; it will be fine.



#10 squatch
  • Topic Starter
  • Members
  • 28 posts

Posted 24 August 2011 - 11:00 PM

I found some more stuff in Norton to shut off, and now I can run ComboFix and it does not complain. However, ComboFix never finishes. It gets to the point where it displays "Completed Stage_4", but then just sits there and does nothing more. A process called "pev.3xe*32" continues to run, occupying about 25% of the CPU time.

Actually, after I left the machine with ComboFix running, it had gone to sleep for 30 minutes. So, for the 1.5 hours I thought I had left it running, it probably only ran for 30 minutes until it went to sleep. I changed my power setting so that it will not go to sleep, and restarted ComboFix.

I'll let you know in the morning if it actually ever finishes....

#11 squatch
  • Topic Starter
  • Members
  • 28 posts

Posted 25 August 2011 - 07:31 AM

It did finally finish. After it finished I tried to open a file explorer window, but it said "Illegal operation attempted on a registry key that has been marked for deletion". I clicked OK, and then it said "It might have been removed, renamed or deleted. Do you want to remove this item". I clicked NO. I then rebooted the machine. Now Explorer works. In addition, before I rebooted, I checked the status of my Norton. Some of the features had turned themselves back on, even though I had specified that they stay off until the next reboot. Not sure if this affected it or not.

Norton complained about the Boot.Tidserv again prior to the reboot, and after the reboot. Not sure if ComboFix was supposed to do anything yet, or just generate a report...

Log file below:

ComboFix 11-08-24.06 - Lindsey 08/24/2011 22:25:59.3.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.6005.4611 [GMT -4:00]
Running from: c:\users\Lindsey\Desktop\ComboFix.exe
AV: Norton Security Suite *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Security Suite *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Security Suite *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10s.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10s.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10s.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10s.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Common Files\Java\Java Update\jusched.exe
.
**************************************************************************
.
Completion time: 2011-08-25 08:12:30 - machine was rebooted
ComboFix-quarantined-files.txt 2011-08-25 12:12
.
Pre-Run: 36,912,230,400 bytes free
Post-Run: 35,243,384,832 bytes free
.
- - End Of File - - 5109AA0543722110C2C82D8B794D7FF2

#12 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:Canada
  • Local time:05:02 AM

Posted 25 August 2011 - 05:18 PM

Hi

Please do the following:

  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.



NEXT


Go here to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activeX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#13 squatch

squatch
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  • Local time:05:02 AM

Posted 25 August 2011 - 08:59 PM

Malwarebytes found nothing.

I can't start the scan for the ESET program - where the heck is the SCAN button??? I attached a screenshot.

****************************************************************************************

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7571

Windows 6.1.7600
Internet Explorer 9.0.8112.16421

8/25/2011 9:41:17 PM
mbam-log-2011-08-25 (21-41-17).txt

Scan type: Quick scan
Objects scanned: 173984
Time elapsed: 1 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)




#14 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:Canada
  • Local time:05:02 AM

Posted 25 August 2011 - 09:39 PM

Looks like the window is cut off. Can you maximize your window? There is usually a window on the right, and the "start scan" button is there.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#15 squatch

squatch
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  • Local time:05:02 AM

Posted 25 August 2011 - 10:42 PM

I could not get it to run via Explorer. So, I downloaded Firefox and used it. This worked OK. Results below:

C:\Old C Drive\Program Files (x86)\Application Updater\ApplicationUpdater.exe probably a variant of Win32/Adware.Toolbar.Dealio application
C:\Old C Drive\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe a variant of Win32/Adware.Toolbar.Dealio application
C:\Old C Drive\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe a variant of Win32/HiddenStart.A application
C:\Old C Drive\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A application
C:\Old C Drive\Program Files (x86)\Search Toolbar\SearchToolbar.dll Win32/Toolbar.Zugo application
C:\Old C Drive\Users\Lindsey\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10\2f84494a-5664d4f6 Java/Agent.BV trojan
C:\Old C Drive\Users\Lindsey\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10\7c88068a-6b440a8a Java/Agent.BV trojan
C:\Old C Drive\Users\Lindsey\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\51660c8f-17bf96af Java/Agent.BV trojan
C:\Old C Drive\Users\Lindsey\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\8ec9882-1d9ce2e4 probably a variant of Java/Agent.BR trojan
C:\Old C Drive\Users\Lindsey\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35\2b29fca3-75472e0c a variant of Java/Agent.BR trojan
C:\Old C Drive\Users\Lindsey\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\38e63bec-675b0304 Java/Agent.BV trojan
C:\Old C Drive\Users\Lindsey\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45\d81016d-74218c3a Java/Agent.BV trojan
C:\Old C Drive\Users\Lindsey\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\23b920c5-553df12e a variant of Java/Agent.AF trojan
C:\Old C Drive\Users\Lindsey\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51\4c81ed73-6f98ff6c probably a variant of Java/Agent.BR trojan
C:\Old C Drive\Users\Lindsey\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\677e1f36-5c80aa99 a variant of Java/Agent.BR trojan
C:\Old C Drive\Users\Lindsey\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56\5ad4b738-29e60e68 Java/Agent.BV trojan
C:\Old C Drive\Users\Lindsey\Music\Two Door Cinema Club - Tourist History [2010]\K-Lite Codec Pack v. 5.8.3 - MEGA - for Video & Audio (High-Quality)\K-Lite_Codec_Pack_583_Mega.exe a variant of Win32/TrojanDropper.Small.NLJ trojan
C:\Old C Drive\Users\Users\Lindsey\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10\2f84494a-5664d4f6 Java/Agent.BV trojan
C:\Old C Drive\Users\Users\Lindsey\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10\7c88068a-6b440a8a Java/Agent.BV trojan
C:\Old C Drive\Users\Users\Lindsey\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\51660c8f-17bf96af Java/Agent.BV trojan
C:\Old C Drive\Users\Users\Lindsey\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\8ec9882-1d9ce2e4 probably a variant of Java/Agent.BR trojan
C:\Old C Drive\Users\Users\Lindsey\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35\2b29fca3-75472e0c a variant of Java/Agent.BR trojan
C:\Old C Drive\Users\Users\Lindsey\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\38e63bec-675b0304 Java/Agent.BV trojan
C:\Old C Drive\Users\Users\Lindsey\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45\d81016d-74218c3a Java/Agent.BV trojan
C:\Old C Drive\Users\Users\Lindsey\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\23b920c5-553df12e a variant of Java/Agent.AF trojan
C:\Old C Drive\Users\Users\Lindsey\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51\4c81ed73-6f98ff6c probably a variant of Java/Agent.BR trojan
C:\Old C Drive\Users\Users\Lindsey\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\677e1f36-5c80aa99 a variant of Java/Agent.BR trojan
C:\Old C Drive\Users\Users\Lindsey\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56\5ad4b738-29e60e68 Java/Agent.BV trojan
C:\Old C Drive\Users\Users\Lindsey\Music\Two Door Cinema Club - Tourist History [2010]\K-Lite Codec Pack v. 5.8.3 - MEGA - for Video & Audio (High-Quality)\K-Lite_Codec_Pack_583_Mega.exe a variant of Win32/TrojanDropper.Small.NLJ trojan
C:\Old C Drive\Windows\Installer\4669b.msi a variant of Win32/Adware.Toolbar.Dealio application



